(57) Abstract: A portable security system mounted in a portable data storage cartridge (10) for managing access by users to the cartridge (10). A programmable computer processor (30) mounted in the cartridge (10) is powered by and receives data from and transmits data to a data storage drive (11) via a wireless interface. A user table has a unique user identifier for each authorized user and lists the activities the user is authorized to conduct with respect to the data storage cartridge (10). Preferably, a private key, public key cryptographic algorithm is employed and the user identifier comprises a user symbol and a user decrypting sender public key. A user authentication message from the authorized user is encrypted by a sender private key and a receiver public key, in accordance with a private key, public key cryptographic algorithm. The cryptographic algorithm decrypts the user authentication message employing a receiver private key and the sender public key, whereby the user authentication message is known to have come from the user. Then the security system algorithm grants access to the user for the listed activities with respect to the cartridge (10).

WIRELESS SECURITY ACCESS MANAGEMENT
FOR A PORTABLE DATA STORAGE CARTRIDGE

FIELD OF THE INVENTION

This invention relates to the protection of data stored in portable
data storage cartridges, and, more particularly, to providing secure
access to the data stored in portable data storage cartridges.

BACKGROUND OF THE INVENTION

Data storage cartridges are typically employed to store data which
may be transported between data storage drives and may be stored
separately from the data storage drives between uses. Much of the data
must be secured with respect to outsiders, and much of the data must be
secured in favor of some users with respect to other users. Only certain
users should be allowed access to certain data, and certain users should
be allowed to define who has access to that data. An example comprises
payroll information, and another example comprises financial account
information. Further, the authorized users tend to change over time.

Thus, it is advantageous to not only provide security for data
stored in data storage cartridges, but also to manage the access to that
data to particular users, and to different users for different data
storage cartridges.

Security of data stored in portable data storage cartridges is 
typically managed by encrypting the data and providing a key for 
decrypting the data. Typically, a data processing system includes or 
obtains the decryption key, and users which are authorized access to the 
data are listed in the data processing system. The data processing system 
provides the key and decrypts the data of the data storage drive accessing 
the data storage cartridge. One example is described in U.S. Patent No. 
5,857,021 in which permission data is written into the data storage media 
of the cartridge which contains an encrypted key that is necessary for 
decrypting the data. The key can be decoded only with valid IDs of the
equipment of the data processing system. The data processing system thus 
provides the decrypting key and the user is authorized access by a table 
in the data processing system. 
A difficulty is that the access by a user to the data is not [...]
table and having the decryption key.

Data processing systems are continually being updated and the
authorization tables must be transferred to the new system, and correlated
with the data storage media to which access is required. The management
of the authorization table is typically handled by other organizations
than those responsible for the security of the data. The changes to the
table and correlation to the data and to the various data processing
systems become a source of loss of security.

SUMMARY OF THE INVENTION

The present invention provides a security system which is portable
and may be managed to accommodate changes to access to the data.

The present invention provides a portable security system, method,
and computer readable program code of a computer program product, which
resides in a portable data storage cartridge for managing access to the
portable data storage cartridge. The data storage cartridge has a data
storage media, such as a magnetic tape or an optical disk, for storing
data for read/write access by a user of a data storage drive when mounted
in the data storage drive.

The portable security system comprises a wireless interface mounted
in the portable data storage cartridge for receiving power and data from,
and sending data to, the data storage drive when mounted in the data
storage drive. The wireless interface preferably comprises an RF
interface. A computer processor is mounted in the portable data storage
cartridge and coupled to the wireless interface. The computer processor
within the portable data storage cartridge is powered by the wireless
interface and receives and transmits data to the data storage drive via
the wireless interface. The computer processor provides a user table
comprising at least one unique user identifier for each authorized user,
which may comprise a user symbol and a corresponding user key, and at
least one permitted activity the user is authorized to conduct with
respect to the data storage media. The user identifier, when combined
with a user authentication message from the authorized user in
accordance with a predetermined algorithm, authorizes the user. The
computer processor within the portable data storage cartridge receives
user authentication messages from the data storage drive via the wireless
interface, and combines the user authentication message with the user
identifier from the user table in accordance with the predetermined
algorithm to authorize or deny the user activity, and transmits the user
authorization or denial to the data storage drive via the wireless
interface.

Preferably, a private key, public key cryptographic algorithm is 
employed. Thus, each user identifier in the user table comprises a user 
symbol and the user's decrypting sender public key, wherein the user 
authentication message comprises an encrypted user authentication message 
which may be decrypted by the user decrypting key, specifically comprising 
a request for access encrypted by a sender private key and a receiver 
public key, and wherein the employed private key, public key cryptographic 
algorithm decrypts the user authentication message employing a receiver 
private key and the sender public key, whereby the user authentication 
message is known to have come from the user. 

The permitted activities in the user table may comprise 1) read 
access to data stored in the data storage media, 2) write access to data 
stored in the data storage media, 3) read the user entry of the user 
table, 4) read all entries of the user table, 5) add entries to the user 
table, and 6) change/delete entries to the user table. Each of the users 
may be authorized to conduct selected ones of the plurality of activities. 

A class table is additionally provided that has a unique class
identifier for each authorized class of users, which may comprise a class 
symbol and a corresponding class key and at least one permitted activity 
each class of users is authorized to conduct with respect to the data 
storage media. The class identifier, when combined with a user 
authentication message from a user of the authorized class of users in 
accordance with the predetermined algorithm, authorizes the user. The 
user table additionally comprises any class membership of each user, 
wherein the user may be authorized with respect to the class table either 
by the class authorization or by the user authorization. The user table 
permitted activities may additionally comprise 3) read all entries of the 
class table, 4) add entries to the class table, and 5) change/delete 
entries to the class table. 
BRIEF DESCRIPTION OF THE DRAWINGS

The present invention will now be described in more detail, by way
of example, with reference to the accompanying drawings in which:

FIG. 1 is a diagrammatic representation of a data storage cartridge
with a data storage drive and a host in accordance with the present
invention;

FIG. 2 is a block diagram of an RF interface, computer processor,
and nonvolatile storage in the data storage cartridge of FIG. 1;

FIGS. 3 and 4 are diagrammatic representations of tables of the
nonvolatile storage of FIG. 2;

FIG. 5 is a diagrammatic representation of the encryption of a
request for access and its decryption in accordance with the present
invention;

FIG. 6 is a diagrammatic representation of a state diagram of the
operation of the computer processor of FIG. 2 in accordance with the
present invention; and

FIGS. 7 and 8 are flow charts depicting the method of the present
invention for initializing a data storage cartridge and for conducting the
authentication and authorization of a user request.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

This invention is described in preferred embodiments in the
following description with reference to the Figures, in which like numbers
represent the same or similar elements. While this invention is described
in terms of the best mode for achieving this invention's objectives it
will be appreciated by those skilled in the art that variations may be
accomplished in view of these teachings without deviating from the spirit
or scope of the invention.

Referring to FIG. 1, a data storage cartridge 10, such as a magnetic
tape cartridge (as illustrated) or an optical disk, is loaded into a data
storage drive 11. An example of a data storage cartridge is an IBM 3590
data tape cartridge. Another example is an LTO (Linear Tape Open) data
tape cartridge.

The data storage cartridge has a storage media 12, such as a
magnetic tape, that is stored on a tape reel 15 and may be threaded into
the data storage drive 11. As an example, the magnetic tape 12 is
threaded past a read/write head 17 to a take-up reel 18. A drive
controller 20, which includes both read/write electronics and control
circuitry for operating the drive, is coupled to the read/write head 17
for reading data from, or writing data to, the storage media 12. The
drive controller is also coupled, via an interface 21, to a host 22. The
host may comprise a data processing system or server, or may comprise a
drive subsystem controller, for example, for an automated data storage
library. An example of a data storage drive is an IBM 3590 tape storage
subsystem.

The data storage drive 11 is modified so that drive controller 20 is 
also coupled to a wireless interface 25. The data storage cartridge 10 is 
also modified to incorporate a wireless interface 26 and a computer 
processor 30 with a nonvolatile memory 31. 

The cartridge wireless interface 26 receives power and data from,
and sends data to, the wireless interface 25 of the data storage drive
when the data storage cartridge 10 is mounted in the data storage drive
11. Preferably, the wireless interface 25, 26 is an RF wireless
interface. An example is described in U.S. Patent No. 4,941,201. A high
frequency inductive wireless interface may also be employed, which is of
sufficiently high frequency that the magnetic storage media 12 is not
adversely affected by the signal. Examples are described in U.S. Patents
No. 4,650,981, No. 4,758,836, and No. 3,859,624. Alternatively, the
inductive antennae for the wireless interface are shielded from the
magnetic storage media 12.

The computer processor 30 comprises a microprocessor chip, for 
example, an Intel Pentium chip arranged to operate in a low power 
environment, such as a portable computer, and the associated nonvolatile 
memory 31 is also arranged to operate in a low power environment. 

In accordance with the present invention, the wireless interface 26
and the computer processor 30 with the associated nonvolatile memory 31
are mounted in, and provide a portable security system for, the portable
data storage cartridge 10. Specifically, the security system, by being
mounted in the portable data storage cartridge, becomes portable,
accompanying the cartridge at all times. Thus, the security is no longer
exclusively dependent upon the security of the data storage drive 11 and
its host system 22, and is not limited to a particular drive or host. The
cartridge may be used with different drives and host systems at varied
locations, and may be used with updated drives and updated data processing
systems. Further, the security system may be managed and updated to
change access to the data at any of the drives by users which have
previously been granted permission via the user or class tables in the
data storage cartridge. The security system remains portable and within
the data storage cartridge.

The wireless interface 26 and computer processor 30 are detailed in
FIG. 2. An antenna 35 receives the RF signal from the RF interface of the
data storage drive, and coupler 36 supplies the received signal to a power
conversion circuit 40, and to a data demodulator 42. The power conversion
circuit 40 converts the received signal to a power current, supplying the
current on line 44 to all of the devices in the data storage cartridge
requiring power, including the computer processor 30, the data demodulator
42 and a data modulator 45. The received signal from antenna 35 is
encoded, and data demodulator 42 receives the incoming coded signal from
coupler 36 and demodulates the signal to provide data signals to the
computer processor 30. Data signals from the computer processor 30 are
provided to the data modulator 45 which encodes the signals for
transmission by coupler 36 and antenna 35 to the RF interface of the data
storage drive.

The computer processor 30 is a programmable computer processor
comprising a microprocessor 37 having computer readable program code
embodied therein, including an encryption/decryption algorithm 38 and an
authorization/authentication/permitted activities algorithm 39. The
nonvolatile storage 31 is employed to store user and class tables, as will
be explained. The nonvolatile storage may comprise a separate chip
attached to the programmable computer processor 30 and its microprocessor
37 or may comprise a portion of the same chip. The computer readable
program code may be stored in a nonvolatile internal memory of the
computer processor 30 or may also be stored in the nonvolatile memory 31,
and loaded into the computer processor 30. The algorithms 38 and 39 may
be preloaded into the programmable computer processor 30, or may be
supplied to the computer processor at initialization over the wireless
interface 26.

The computer processor 30, employing the algorithm 39, provides a
user table in nonvolatile memory 31 comprising at least a unique user
identifier for each authorized user, which may comprise a user symbol and
a corresponding key, and at least one permitted activity the user is
authorized to conduct with respect to the data storage media, and provides
a class table in nonvolatile memory 31 which has a unique class identifier
for each authorized class of users, which may comprise a class symbol and
a corresponding key, and at least one permitted activity each class of
users is authorized to conduct with respect to the data storage media.

In accordance with the predetermined algorithm 39, the user
identifier, when combined with a user authentication message from the
authorized user, employing the encryption/decryption algorithm 38,
authorizes the user. The computer processor 30 receives user
authentication messages from the data storage drive via the wireless
interface 26, and combines the user authentication message with the user
identifier from the user table in accordance with the predetermined
algorithm 39 and encryption/decryption algorithm 38 to authorize or deny
the user activity, and transmits the user authorization or denial to the
data storage drive via the wireless interface 26.

Herein, the encryption/decryption algorithm 38 comprises any
suitable encryption/decryption algorithm which both provides security and
portability. Examples of algorithms which provide security and
portability are the "public key" cryptography algorithms. U.S. Patent No.
4,405,829 describes a "public key" encryption/decryption algorithm that
has become a de facto standard, often called the "RSA" cryptosystem after
the names of the authors. An implementation that provides authentication
and allows authorization as employed herein is described in U.S. Patent
No. 4,748,668. Accordingly, the user identifier comprises a user symbol
and a user decrypting sender public key. When combined with a user
authentication message from the authorized user that is encrypted by a
receiver public key, the user is authorized. Additionally, with the use
of a sender private key and the receiver public key, the authentication
message can be encrypted so that, with the use of a receiver private key
and the sender public key, the authentication message is both decrypted
and the message is known to have come from the sender.

FIGS. 3, 4 and 5 illustrate examples of cartridge initialization
with the user and class tables and the operation of the algorithm 39
employing the cryptography algorithm 38. FIG. 3 illustrates an
uninitialized data storage cartridge 10 either without user and class
tables, or which has established user and class tables, but which are
empty. FIG. 4 illustrates the data storage cartridge 10 after the user
table 50 and the class table 51 have been initialized in accordance with
the present invention.

As discussed above, the computer processor 30 provides the user
table 50 with at least a unique user identifier for each authorized user
and at least one permitted activity the user is authorized to conduct with
respect to the data storage media. Preferably, each user identifier in
the user table 50 comprises a user symbol 54 and a user decrypting sender
public key 55. The permitted activities 56 of the user may comprise a
separate entry for each user identifier and permitted activity that the
user is authorized to conduct. Alternatively, the user table may comprise
a separate entry for each user identifier, the entry comprising all of the
permitted activities that the user is authorized to conduct. The user
table 50 additionally comprises any class membership 57 of each user, so
that the user may be authorized with respect to the class table 51 by the
user authorization.

In accordance with the present invention, the class table 51 is
provided that has a unique class identifier for each authorized class of
users, and at least one permitted activity 64 that each class of users is
authorized to conduct. Preferably each class identifier in the class
table 51 comprises a class symbol 62 and a class decrypting sender public
key 63. The class identifier, when combined with a user authentication
message from a user of the authorized class of users in accordance with
the predetermined algorithm, authorizes the user. Thus, the user may be
authorized with respect to the class table either by the class
authorization or by the user authorization 57.

The permitted activities 64 of the members of the class may comprise
a separate entry for each class identifier and permitted activity that the
user/class member is authorized to conduct. Alternatively, the class
table may comprise a separate entry for each class identifier, the entry
comprising all of the permitted activities that the user/class member is
authorized to conduct.

The permitted activities 56 in the user table 50 may comprise 1)
read access to data stored in the data storage media, 2) write access to
data stored in the data storage media, 3) read user entry of the user
table, 4) read all entries of the user table, 5) add entries to the user
table, 6) change/delete entries to the user table, 7) read class entry of
the class table, 8) read all entries of the class table, 9) add entries to
the class table, 10) change/delete entries to the class table, and 11)
change the receiver private key.

The permitted activities 64 in the class table 51 may comprise 1)
read access to data stored in the data storage media, 2) write access to
data stored in the data storage media, 3) read the user's class entry of
the class table, 4) read all entries of the class table, 5) add entry to
the class table, 6) change/delete entries to the class table, 7) read all
entries of the user table, 8) add entries to the user table, 9)
change/delete entries to the user table and 10) change the receiver
private key.

The operation of a public key algorithm for authorizing access is
illustrated with respect to FIG. 5. The preferred implementation is one
as described above which both allows an authentication message to be
decrypted, and also provides a "signature" assuring that the
authentication message has come from the sender. In one example, the
user/class symbol will have been sent. A user/class member generates an
authentication message 70. Preferably, the authentication message
includes the request for access to conduct the desired activity, saving a
need for a second message. The user/class member has a sender private key
71 which is employed, together with a receiver public key 72, to encrypt
the authentication message. The receiver public key 72 is made known to
the users and class members and is mathematically related to the sender
private key, as discussed in the '668 patent, but the message cannot be
decrypted with the same keys. The message instead is only readable by the
intended receiver because of the use of the receiver public key. When
decrypted, the message must have therefore been intended for the receiver.
Thus, at the cartridge, the algorithm of the computer processor decrypts
the message employing a receiver private key 73 and a sender public key
74 as discussed above. The sender public key has been made available and
decrypts the encrypted authentication message, the message thereby
providing an authentication "signature".
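The FIG. 5 exchange, which is the same private key, public key scheme the summary above describes, as an added example that is not code from the patent: the user/class member signs the request with the sender private key 71 and seals it to the receiver public key 72; the cartridge opens it with the receiver private key 73 and checks the signature against the sender public key 74 held in its table, so the request is readable only by the cartridge and is known to come from the listed sender. The concrete primitives are this example's assumptions, not the patent's: RSA-PSS for the signature and, because a single RSA-OAEP block cannot carry a request plus a signature, a one-time AES-GCM content key wrapped with RSA-OAEP for the sealing step. Go standard library only; both key pairs are constructed for the example rather than taken from any table.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// AuthMessage is the wire form of the encrypted authentication message 70.
// Sealed holds request||signature under a one-time AES-GCM key; WrappedKey is
// that key encrypted to the receiver public key 72 (assumed hybrid layout).
type AuthMessage struct {
	WrappedKey []byte
	Nonce      []byte
	Sealed     []byte
}

// BuildAuthMessage is the user/class member side: sign the request with the
// sender private key 71, then encrypt so only the intended receiver can read it.
func BuildAuthMessage(request []byte, senderPriv *rsa.PrivateKey, receiverPub *rsa.PublicKey) (*AuthMessage, error) {
	digest := sha256.Sum256(request)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	contentKey := make([]byte, 32)
	if _, err := rand.Read(contentKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(contentKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// A PSS signature is exactly senderPriv.Size() bytes, so no length prefix is needed.
	plain := append(append([]byte{}, request...), sig...)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, contentKey, nil)
	if err != nil {
		return nil, err
	}
	return &AuthMessage{WrappedKey: wrapped, Nonce: nonce, Sealed: gcm.Seal(nil, nonce, plain, nil)}, nil
}

// OpenAuthMessage is the cartridge side (FIG. 8, step 105): decrypt with the
// receiver private key 73, then verify with the sender public key 74 taken
// from the user or class table. Every failure is a denial; no partial plaintext leaves.
func OpenAuthMessage(m *AuthMessage, receiverPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	contentKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, m.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("message was not encrypted to this receiver")
	}
	block, err := aes.NewCipher(contentKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	plain, err := gcm.Open(nil, m.Nonce, m.Sealed, nil)
	if err != nil {
		return nil, errors.New("message altered in transit")
	}
	sigLen := senderPub.Size()
	if len(plain) < sigLen {
		return nil, errors.New("malformed authentication message")
	}
	request, sig := plain[:len(plain)-sigLen], plain[len(plain)-sigLen:]
	digest := sha256.Sum256(request)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, errors.New("signature does not match the listed sender public key")
	}
	return request, nil
}

func main() {
	// Constructed keys: the sender's pair and the cartridge's (receiver's) pair.
	senderPriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	receiverPriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	msg, _ := BuildAuthMessage([]byte("alice: read data"), senderPriv, &receiverPriv.PublicKey)
	req, err := OpenAuthMessage(msg, receiverPriv, &senderPriv.PublicKey)
	fmt.Printf("request=%q err=%v\n", req, err)
	impostor, _ := rsa.GenerateKey(rand.Reader, 2048)
	_, err = OpenAuthMessage(msg, receiverPriv, &impostor.PublicKey)
	fmt.Println("impostor sender key:", err)
}
```

A wrong receiver key fails at the OAEP step, a sender key other than the one stored in the table fails at the signature step, and a modified ciphertext fails at GCM authentication; each is reported as a denial, matching the "deny access" outcome of state 97 rather than releasing any part of the request.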

As the result, the user/class member may rely on the security of the
portable security system, method, and computer readable program code of
the present invention, which resides in a data storage cartridge.

A state diagram of the operation of the computer processor in
accordance with the present invention is illustrated in FIG. 6, and flow
charts of the method of the present invention are depicted in FIGS. 7 and
8.

Referring to FIGS. 1 and 7, the initialization of an uninitialized
cartridge 10 is initiated at step 80. The cartridge is loaded into a
drive 11 having a wireless interface 25, and, in step 81, the
initialization information is transmitted to the cartridge. The
initialization information is not encrypted, and is provided when in a
secure situation. The cartridge wireless interface 26 receives the
initialization information in step 82 and provides the information to the
cartridge processor 30. As discussed above, the initialization
information comprises the user and class tables. The cartridge processor
30, in step 83, recognizes that the input from the wireless interface is
initialization information. If the cartridge has been initialized
previously, a message is sent to the drive 11 via the wireless interface,
in step 84, denying the initialization.

If the cartridge is uninitialized, an initializing drive or host
computer provides the user table to the cartridge computer processor in
step 85 and provides the class table in step 86, both via the wireless
interface. The receiver private key may have been provided previously,
or, as an optional step 87, may be provided in the initialization load.
The initialization is then complete, and the drive is informed of the
completion in step 89.

WO 01/35193 PCT/GB00/04266

Referring to FIGS. 1, 6 and 8, an authentication or an access
request is initiated in step 90, e.g., by sending the user symbol, and the
cartridge computer processor 30 is initially in an idle state 91. In step
93, the request is received at the wireless interface 26 and is provided
to the computer processor. The computer processor moves to state 94 and,
in step 95, determines whether the requesting user or class member is in
the list of the user or class table. If not in the table, the computer
processor 30, in step 96, moves to state 97 and denies access to the
user/class member via the wireless interface 26.

If the user or class member is in the respective table, the computer
processor, in step 98, moves to state 99 and requests the authentication
message from the user or class member. The computer processor moves to
state 100 while awaiting the authentication message, and, if the message
is not received in a time out period, denies access in state 97. In step
102, the authentication message is received by the wireless interface 26
and forwarded to the computer processor 30. As discussed above, the
authentication message is encrypted by the sender private key and the
receiver (cartridge) public key. The computer processor moves to state
103, receiving the message and beginning the authentication. In step 105,
the computer processor conducts the decryption of the authentication
message employing the receiver private key and employing the sender public
key from the user or class table. In step 106, the computer processor
determines whether the user or class member is authorized. If not, the
computer processor 30 moves to state 97 and, in step 96, denies access.

If the user or class member is authorized, the computer processor
moves to state 98 and, in step 110, reads the user or class table for the
permitted activities for the user/class member. As discussed above, the
authentication message preferably includes a request to conduct one or
more activities. Based on the permitted activities of the user or class
table and the request, the computer processor moves to state 111 or to
state 112 to grant the permitted activity. The permission to change the
receiver private key will be very limited to a particular user or to a
particular class. Thus, the grant of the permitted activities of state
111 are transmitted in step 114 to the drive 11 over the wireless
interface. As an example, the requested access from state 111 does not
require a decrypting key for the data, such as changing an entry to the
user table. State 112 is entered only in response to a specific request
by the user/class member, and, in step 114, the decrypting key for the
data on the cartridge data storage media is transmitted to the drive 11
from the cartridge 10 over the wireless interface 26. The computer [...]

As specific security examples, read access to the data stored in the
data storage media is controlled by the computer processor 30 in the
portable cartridge through the decrypting key; table access is enforced by
the computer processor 30 in the portable cartridge; and write access is
controlled logically in the drive, which may be under the logical control
of the processor. However, the cartridge itself cannot totally restrict
writing per se.
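The user and class tables of FIGS. 3 and 4 with their permitted activities, and the FIG. 8 decision flow just described, as an added example that is not code from the patent: each entry carries a symbol, a sender public key, permitted activities and (for users) class memberships, and HandleRequest walks the flow in order: symbol lookup in either table, the time-out of state 100 while the authentication message is awaited, decryption/verification, comparison of the requested activity against the permitted set, and the split between state 111 (grant) and state 112 (grant accompanied by the decrypting key). Assumptions of the example: sender public keys are opaque placeholder strings; the cryptographic step of algorithm 38 sits behind a verify function, with sampleVerify a constructed stand-in that only compares a key label; only four of the listed activities are modelled; and the Entry, Cartridge and Decision types and the activity names are the example's own. Go standard library only.

```go
package main

import (
	"fmt"
	"time"
)

// Activity flags from user table 50 / class table 51; one entry carries all of
// a requester's permitted activities (only four of the listed ones are modelled).
type Activity uint16

const (
	ReadData        Activity = 1 << iota // read stored data (needs the decrypting key)
	WriteData                            // write stored data
	ReadOwnEntry                         // read the requester's own table entry
	ChangeUserTable                      // add/change/delete user table entries
)

// Entry is a row of either table: symbol 54/62, sender public key 55/63 (an
// opaque placeholder string here), activities 56/64 and, for users, classes 57.
type Entry struct {
	Symbol, SenderPub string
	Permitted         Activity
	Classes           []string
}

// Cartridge models processor 30 with nonvolatile memory 31. verify stands in
// for algorithm 38 (decrypt with the receiver private key, check against the
// stored sender public key) and yields the activity the message requests.
type Cartridge struct {
	Users, Classes map[string]Entry
	Timeout        time.Duration
	verify         func(msg []byte, senderPub string) (Activity, bool)
}

// Decision.State is "denied" (state 97), "granted" (111) or "granted-with-key" (112).
type Decision struct {
	State, Reason string
	Granted       Activity
}

// HandleRequest walks the FIG. 8 flow for one request identified by its symbol.
func (c *Cartridge) HandleRequest(symbol string, authMsg <-chan []byte) Decision {
	// step 95: a listed user (plus any class it belongs to), or a listed class
	e, ok := c.Users[symbol]
	if !ok {
		if e, ok = c.Classes[symbol]; !ok {
			return Decision{State: "denied", Reason: "not in user or class table"}
		}
	}
	permitted := e.Permitted
	for _, cl := range e.Classes { // membership 57: either authorization suffices
		permitted |= c.Classes[cl].Permitted
	}
	var msg []byte // states 99/100: await the authentication message, with time-out
	select {
	case msg = <-authMsg:
	case <-time.After(c.Timeout):
		return Decision{State: "denied", Reason: "time out awaiting authentication message"}
	}
	requested, ok := c.verify(msg, e.SenderPub) // steps 105/106
	if !ok {
		return Decision{State: "denied", Reason: "authentication failed"}
	}
	if requested == 0 || requested&^permitted != 0 { // step 110: every requested bit permitted?
		return Decision{State: "denied", Reason: "requested activity not permitted"}
	}
	if requested&ReadData != 0 { // state 112: the grant travels with the decrypting key
		return Decision{State: "granted-with-key", Granted: requested}
	}
	return Decision{State: "granted", Granted: requested} // state 111
}

// sampleVerify is a constructed stand-in for the cryptographic check: a message
// "<sender key> <activity bits>" is accepted only if the key matches the table.
func sampleVerify(msg []byte, senderPub string) (Activity, bool) {
	var key string
	var bits uint16
	if _, err := fmt.Sscanf(string(msg), "%s %d", &key, &bits); err != nil || key != senderPub {
		return 0, false
	}
	return Activity(bits), true
}

// NewSampleCartridge loads constructed tables: alice may read data and her own
// entry and gains write access via the "payroll" class; bob may only read his entry.
func NewSampleCartridge() *Cartridge {
	return &Cartridge{
		Timeout: 50 * time.Millisecond, verify: sampleVerify,
		Users: map[string]Entry{
			"alice": {Symbol: "alice", SenderPub: "PUB-alice", Permitted: ReadData | ReadOwnEntry, Classes: []string{"payroll"}},
			"bob":   {Symbol: "bob", SenderPub: "PUB-bob", Permitted: ReadOwnEntry},
		},
		Classes: map[string]Entry{"payroll": {Symbol: "payroll", SenderPub: "PUB-payroll", Permitted: ReadData | WriteData}},
	}
}
```

HandleRequest denies on every failure path, including the time-out of state 100, and the permitted set is the union of the user's own activities and those of every class the user belongs to, which is the "either by the class authorization or by the user authorization" rule of the description; a request for any activity outside that union is refused as a whole rather than partially granted.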

Thus the present invention provides a security system which is
portable and may be managed to accommodate changes to access to the data
of the data storage cartridge 10. Only certain users are allowed access
to each cartridge, and only certain users are allowed to define who has
access to that data.
CLAIMS

1. A portable security system for managing access to a portable data
storage cartridge, said data storage cartridge having data storage media
for storing data for read/write access by a user of a data storage drive
when mounted in said data storage drive, said portable security system
comprising:

a wireless interface mounted in said portable data storage cartridge
for receiving power and data from, and sending data to, said data storage
drive when mounted in said data storage drive; and

a computer processor mounted in said portable data storage cartridge
and coupled to said wireless interface; said computer processor powered by
said wireless interface and receiving and transmitting data to said data
storage drive via said wireless interface; said computer processor having
a user table comprising at least a unique user identifier for each
authorized user and at least one permitted activity said user is
authorized to conduct with respect to said data storage media, said user
identifier, when combined with a user authentication message from said
authorized user in accordance with a predetermined algorithm, authorizes
said user; said computer processor receiving said user authentication
messages from said data storage drive via said wireless interface,
combining said user authentication message with said user identifier from
said user table in accordance with said predetermined algorithm to
authorize or deny said user activity, and transmitting said user
authorization or denial to said data storage drive via said wireless
interface.

2. The portable security system of Claim 1, wherein said wireless
interface comprises an RF interface.

3. The portable security system of Claim 1 or claim 2, wherein each
said user identifier comprises a user symbol and a user decrypting key,
wherein said user authentication message comprises an encrypted user
authentication message which may be decrypted by said user decrypting key,
and wherein said computer processor conducts said combination by
decrypting said user authentication message by said user decrypting key.

4. The portable security system of Claim 3, wherein said user
decrypting key comprises a sender public key, and wherein said
predetermined algorithm comprises a public key cryptographic algorithm.
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5. The portable security system of Claim 4, wherein said user 
authentication message is encrypted by a sender private key and a receiver 
public key, and wherein said public key cryptographic algorithm decrypts 
said user" authentication message employing a receiver private key and said 
sender public key, whereby said user authentication message is known to 
have come from said user. 

6. The portable security system of any one of the preceding claims, 
wherein said computer processor user table permitted activities comprise a 
plurality of permitted activities, selected ones of which each of said 
users may be authorized to conduct, said permitted activities comprising 
1) read access to data stored in said data storage media, 2) write access 
to data stored in said data storage media, 3) read the user entry of said 
user table, 4) read all entries of said user table, 5) add entries to said 
user table, and 6) change/delete entries to said user table. 

7. The portable security system of any one of the preceding claims, 
wherein said computer processor user table comprises a separate entry for 
each said user identifier and said permitted activity said user is 
authorized to conduct. 

8. The portable security system of any one of claims 1 to 6, wherein 
said computer processor user table comprises a separate entry for each 
said user identifier, said entry comprising all said permitted activities 
said user is authorized to conduct. 

9. The portable security system of any one of the preceding claims, 
wherein said computer processor additionally comprises a nonvolatile 
memory storing said user table. 

10. The portable security system of any one of the preceding claims, 
wherein said computer processor additionally comprises a class table 
comprising at least a unique class identifier for each authorized class of 
users and at least one permitted activity said class of users is 
authorized to conduct with respect to said data storage media, said class 
identifier, when combined with a user authentication message from a user 
of said authorized class of users in accordance with said predetermined 
algorithm, authorizes said user; and wherein said computer processor 
additionally, upon receiving said user authentication messages from said 
data storage drive via said wireless interface, combining said user 
authentication message with said class identifier from said class table in 
accordance with said predetermined algorithm to authorize or deny said 
class activity to said user, and transmitting said class authorization or 
denial to said data storage drive via said wireless interface. 

11. The portable security system of Claim 10, wherein said computer 
processor user table additionally comprises any class membership of each 
said user, wherein said user may be authorized with respect to said class 
table either by said class authorization or by said user authorization. 

12. The portable security system of Claim 10 or Claim 11, wherein said 
computer processor user table and said class table permitted activities 
comprise a plurality of permitted activities, selected ones of which each 
of said users may be authorized to conduct, said permitted activities 
comprising 1) read access to data stored in said data storage media, 2) 
write access to data stored in said data storage media, 3) read all 
entries of said class table, 4) add entries to said class table, and 5) 
change/delete entries to said class table. 

13. The portable security system of any preceding claim, wherein said 
data stored in said data storage media is encrypted, wherein said computer 
processor user table permitted activities comprise at least 1) read access 
to data stored in said data storage media, and wherein said user 
authorization for said read access additionally comprises a decryption key 
for said encrypted stored data. 
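
Claims 1 to 13 describe a decision procedure without showing one, so the following Go program models it end to end. It is an added example, not code from the patent or its applicant, and it covers the same structure that claims 14 to 38 restate for the cartridge, the method and the program product. Claim 5's message "encrypted by a sender private key and a receiver public key" is rendered as sign-then-encrypt: an Ed25519 signature stands in for the sender key pair and RSA-OAEP for the receiver (cartridge) key pair, so the "user decrypting key" held in the user table (claim 3) is the user's signature-verification public key. The six activities are claim 6's list, class entries and the user-or-class rule follow claims 10 and 11, and releasing a media decryption key together with a granted read follows claim 13. Every name, key, table entry, denial string and the wire layout of the message (one activity byte followed by the user symbol) is constructed for the example; only Go standard-library calls are used.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Activity is a bit set of the six permitted activities listed in claim 6.
type Activity uint8

const (
	Read              Activity = 1 << iota // 1) read stored data
	Write                                  // 2) write stored data
	ReadOwnEntry                           // 3) read own user-table entry
	ReadAllEntries                         // 4) read all user-table entries
	AddEntry                               // 5) add user-table entries
	ChangeDeleteEntry                      // 6) change/delete user-table entries
)

// UserEntry is one user-table row: sender public key (the "user decrypting key"), activities, classes.
type UserEntry struct {
	Pub       ed25519.PublicKey
	Permitted Activity
	Classes   []string
}

// Cartridge models the in-cartridge processor: receiver key pair, user and class tables, media key.
type Cartridge struct {
	Priv     *rsa.PrivateKey
	Users    map[string]UserEntry
	Classes  map[string]Activity // class identifier -> permitted activities
	MediaKey []byte              // decryption key for the encrypted media (claim 13)
}

type Outcome struct {
	Granted  bool
	MediaKey []byte // released only with a granted read
	Reason   string
}

func NewCartridge(users map[string]UserEntry, classes map[string]Activity, mediaKey []byte) (*Cartridge, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // receiver key pair lives in the cartridge
	if err != nil {
		return nil, err
	}
	return &Cartridge{Priv: priv, Users: users, Classes: classes, MediaKey: mediaKey}, nil
}

// AuthMessage is the user side of claim 5: sign (activity byte + user symbol) with the
// sender private key, then encrypt signature and request to the receiver public key.
func AuthMessage(senderPriv ed25519.PrivateKey, receiverPub *rsa.PublicKey, symbol string, act Activity) ([]byte, error) {
	payload := append([]byte{byte(act)}, symbol...)
	plain := append(ed25519.Sign(senderPriv, payload), payload...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, plain, nil)
}

// Authorize is the cartridge side: decrypt with the receiver private key, verify with the sender
// public key from the user table, then grant from the user entry or, failing that, from a class.
func (c *Cartridge) Authorize(msg []byte) Outcome {
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, c.Priv, msg, nil)
	if err != nil || len(plain) <= ed25519.SignatureSize+1 {
		return Outcome{Reason: "message could not be decrypted"}
	}
	sig, payload := plain[:ed25519.SignatureSize], plain[ed25519.SignatureSize:]
	act, symbol := Activity(payload[0]), string(payload[1:])
	user, known := c.Users[symbol] // unknown user and bad signature share one reason
	if act == 0 || act >= ChangeDeleteEntry<<1 || !known || !ed25519.Verify(user.Pub, payload, sig) {
		return Outcome{Reason: "request malformed or user not authenticated"}
	}
	granted := user.Permitted&act == act
	for i := 0; i < len(user.Classes) && !granted; i++ {
		granted = c.Classes[user.Classes[i]]&act == act
	}
	if !granted {
		return Outcome{Reason: "activity not permitted"}
	}
	if act&Read != 0 {
		return Outcome{Granted: true, MediaKey: c.MediaKey, Reason: "authorized"}
	}
	return Outcome{Granted: true, Reason: "authorized"}
}

func main() {
	alicePub, alicePriv, _ := ed25519.GenerateKey(nil) // constructed user key pair
	_, malloryPriv, _ := ed25519.GenerateKey(nil)      // mallory is not in the user table
	c, err := NewCartridge(map[string]UserEntry{"alice": {Pub: alicePub, Permitted: Read | Write}}, nil, []byte("constructed-32-byte-media-key!!!"))
	if err != nil {
		panic(err)
	}
	keys := []ed25519.PrivateKey{alicePriv, alicePriv, malloryPriv}
	for i, act := range []Activity{Read, AddEntry, Read} {
		msg, _ := AuthMessage(keys[i], &c.Priv.PublicKey, "alice", act) // cannot fail for these short inputs
		o := c.Authorize(msg)
		fmt.Printf("symbol=alice act=%06b granted=%-5v key released=%-5v %s\n", act, o.Granted, o.MediaKey != nil, o.Reason)
	}
}
```

Running it prints three decisions: a read by alice is granted and carries the media key, her add-entry request is denied on the permitted-activity check, and a message signed with mallory's key but carrying alice's symbol fails verification against the public key stored for alice, which is the property claim 5 calls "known to have come from said user". Two points the claims leave open and a deployment has to settle: the cartridge verifies the signature before it consults any permission bits and returns the same denial for an unknown symbol and a bad signature, so the wireless link does not reveal which symbols exist; and nothing in the message carries freshness, so a recorded authorization message would verify again if replayed, which a challenge value issued by the cartridge and included in the signed payload would prevent.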

14. A data storage cartridge for storing data for read/write access by a 
user of a data storage drive when mounted in said data storage drive, 
comprising: 

data storage media mounted in said data storage cartridge for 
storing said data for said read/write access; 

a wireless interface mounted in said portable data storage cartridge 
for receiving power and data from, and sending data to, said data storage 
drive when mounted in said data storage drive; and 

a computer processor mounted in said portable data storage cartridge 
and coupled to said wireless interface; said computer processor powered by 
said wireless interface and receiving and transmitting data to said data 
storage drive via said wireless interface; said computer processor having 
a user table comprising at least a unique user identifier for each 
authorized user and at least one permitted activity said user is 
authorized to conduct with respect to said data storage media, said user 
identifier, when combined with a user authentication message from said 
authorized user in accordance with a predetermined algorithm, authorizes 
said user; said computer processor receiving said user authentication 
messages from said data storage drive via said wireless interface, 
combining said user authentication message with said user identifier from 
said user table in accordance with said predetermined algorithm to 
authorize or deny said user activity, and transmitting said user 
authorization or denial to said data storage drive via said wireless 
interface. 

15. The data storage cartridge of Claim 14, wherein said wireless 
interface comprises an RF interface. 

16. The data storage cartridge of Claim 14 or Claim 15, wherein each 
said user identifier comprises a user symbol and a user decrypting key, 
wherein said user authentication message comprises an encrypted user 
authentication message which may be decrypted by said user decrypting key, 
and wherein said computer processor conducts said combination by 
decrypting said user authentication message by said user decrypting key. 

17. The data storage cartridge of Claim 16, wherein said user decrypting 
key comprises a sender public key, and wherein said predetermined 
algorithm comprises a public key cryptographic algorithm. 

18. The data storage cartridge of Claim 17, wherein said user 
authentication message is encrypted by a sender private key and a receiver 
public key, and wherein said public key cryptographic algorithm decrypts 
said user authentication message employing a receiver private key and said 
sender public key, whereby said user authentication message is known to 
have come from said user. 

19. The data storage cartridge of any one of claims 14 to 18, wherein 
said computer processor user table permitted activities comprise a 
plurality of permitted activities, selected ones of which each of said 
users may be authorized to conduct, said permitted activities comprising 
1) read access to data stored in said data storage media, 2) write access 
to data stored in said data storage media, 3) read the user entry of said 
user table, 4) read all entries of said user table, 5) add entries to said 
user table, and 6) change/delete entries to said user table. 
20. The data storage cartridge of any one of claims 14 to 19, wherein 
said computer processor user table comprises a separate entry for each 
said user identifier and said permitted activity said user is authorized 
to conduct. 

21. The data storage cartridge of any one of claims 14 to 19, wherein 
said computer processor user table comprises a separate entry for each 
said user identifier, said entry comprising all said permitted activities 
said user is authorized to conduct. 

22. The data storage cartridge of any one of claims 14 to 21, wherein 
said computer processor additionally comprises a nonvolatile memory 
storing said user table. 

23. The data storage cartridge of any one of claims 14 to 22, wherein 
said computer processor additionally comprises a class table comprising at 
least a unique class identifier for each authorized class of users and at 
least one permitted activity said class of users is authorized to conduct 
with respect to said data storage media, said class identifier, when 
combined with a user authentication message from a user of said authorized 
class of users in accordance with said predetermined algorithm, authorizes 
said user; and wherein said computer processor additionally, upon 
receiving said user authentication messages from said data storage drive 
via said wireless interface, combining said user authentication message 
with said class identifier from said class table in accordance with said 
predetermined algorithm to authorize or deny said class activity to said 
user, and transmitting said class authorization or denial to said data 
storage drive via said wireless interface. 

24. The data storage cartridge of Claim 23, wherein said computer 
processor user table additionally comprises any class membership of each 
said user, wherein said user may be authorized with respect to said class 
table either by said class authorization or by said user authorization. 

25. The data storage cartridge of Claim 23 or Claim 24, wherein said 
computer processor user table and said class table permitted activities 
comprise a plurality of permitted activities, selected ones of which each 
of said users may be authorized to conduct, said permitted activities 
comprising 1) read access to data stored in said data storage media, 2) 
write access to data stored in said data storage media, 3) read all 
entries of said class table, 4) add entries to said class table, and 5) 
change/delete entries to said class table. 

26. The data storage cartridge of any one of claims 14 to 25, wherein 
said data stored in said data storage media is encrypted, wherein said 
computer processor user table permitted activities comprise at least 1) 
read access to data stored in said data storage media, and wherein said 
user authorization for said read access additionally comprises a 
decryption key for said encrypted stored data. 

27. A method for providing a portable secure interface to a data storage 
cartridge, said data storage cartridge having data storage media for 
storing data for read/write access by a user of a data storage drive when 
mounted in said data storage drive, and a wireless interface mounted in 
said portable data storage cartridge for receiving power and data from, 
and sending data to, said data storage drive when mounted in said data 
storage drive, said data storage cartridge having a user table comprising 
at least a unique user identifier for each authorized user and at least 
one permitted activity said user is authorized to conduct with respect to 
said data storage media, said user identifier, when combined with a user 
authentication message from said authorized user in accordance with a 
predetermined algorithm, authorizes said user, said method comprising the 
steps of: 

receiving said user authentication messages from said data storage 
drive via said wireless interface; 

combining said user authentication message with said user identifier 
from said user table in accordance with said predetermined algorithm to 
authorize or deny said user activity; and 

transmitting said user authorization or denial to said data storage 
drive via said wireless interface. 

28. The method of Claim 27, wherein each said user identifier comprises 
a user symbol and a user decrypting key, wherein said user authentication 
message comprises an encrypted user authentication message which may be 
decrypted by said user decrypting key, and wherein said combining step 
comprises decrypting said user authentication message by said user 
decrypting key. 
29. The method of Claim 27 or Claim 28, wherein said user decrypting key 
comprises a sender public key, and wherein said predetermined algorithm 
comprises a public key cryptographic algorithm. 

30. The method of Claim 29, wherein said user authentication message is 
encrypted by a sender private key and a receiver public key, wherein said 
public key cryptographic algorithm decrypts said user authentication 
message employing a receiver private key and said sender public key, and 
wherein said combining step comprises decrypting said user authentication 
message by said receiver private key and said sender public key, whereby 
said user authentication message is known to have come from said user. 

31. The method of any one of claims 27 to 30, wherein said user table 
comprises a plurality of said permitted activities, selected ones of which 
each of said users may be authorized to conduct, said permitted activities 
comprising 1) read access to data stored in said data storage media, 2) 
write access to data stored in said data storage media, 3) read the user 
entry of said user table, 4) read all entries of said user table, 5) add 
entries to said user table, and 6) change/delete entries to said user 
table; and wherein said transmitting step comprises transmitting 
authorization to conduct the selected said user permitted activities said 
user is authorized to conduct. 

32. The method of any one of claims 27 to 31, wherein said user table 
comprises a separate entry for each said user identifier and said 
permitted activity said user is authorized to conduct; and wherein said 
transmitting step additionally comprises identifying said user permitted 
activities from said separate entries. 

33. The method of any one of claims 27 to 31, wherein said step of 
providing said user table comprises a separate entry for each said user 
identifier, said entry comprising all said permitted activities said user 
is authorized to conduct; and wherein said transmitting step additionally 
comprises identifying said user permitted activities from said user 
separate entry. 

34. The method of any one of claims 27 to 33, wherein said data storage 
cartridge additionally comprises a class table comprising at least a 
unique class identifier for each authorized class of users and at least 
one permitted activity said class of users is authorized to conduct with 
respect to said data storage media, said class identifier, when combined 
with a user authentication message from a user of said authorized class of 
users in accordance with said predetermined algorithm, authorizes said 
user; 

wherein said combining step additionally comprises, upon receiving 
said user authentication messages from said data storage drive via said 
wireless interface, combining said user authentication message with said 
class identifier from said class table in accordance with said 
predetermined algorithm to authorize or deny said class activity to said 
user; and 

wherein said transmitting step additionally comprises transmitting 
said class authorization or denial to said data storage drive via said 
wireless interface. 

35. The method of Claim 34, wherein said user table additionally 
comprises any class membership of each said user; and wherein said 
combining step additionally authorizes said user with respect to said 
class table either by said class authorization or by said user 
authorization. 

36. The method of Claim 34 or Claim 35, wherein said user table and said 
class table comprise a plurality of permitted activities, selected ones of 
which each of said users may be authorized to conduct, said permitted 
activities comprising 1) read access to data stored in said data storage 
media, 2) write access to data stored in said data storage media, 3) read 
all entries of said class table, 4) add entries to said class table, and 
5) change/delete entries to said class table; and wherein said 
transmitting step comprises transmitting authorization to conduct the 
selected said user and said class permitted activities said user is 
authorized to conduct. 

37. The method of any of claims 27 to 36, wherein said data stored in 
said data storage media is encrypted, wherein said step of providing said 
user table permitted activities comprises providing at least 1) read 
access to data stored in said data storage media, and wherein said step of 
transmitting said user authorization for said read access additionally 
comprises transmitting a decryption key for said encrypted stored data. 



WO 01/35193 PCT/CB00/04266 

38. A computer program product usable with a programmable computer 
processor having computer readable program code embodied therein for 
providing a secure interface to a data storage cartridge, said 
programmable computer processor mounted in said data storage cartridge, 
said data storage cartridge having data storage media for storing data for 
read/write access by a user of a data storage drive when mounted in said 
data storage drive, and a wireless interface mounted in said portable data 
storage cartridge for receiving power and data from, and sending data to, 
said data storage drive when mounted in said data storage drive, said 
computer program product comprising: 

computer readable program code which causes said programmable 
computer processor to provide a user table comprising at least a unique 
user identifier for each authorized user and at least one permitted 
activity said user is authorized to conduct with respect to said data 
storage media, said user identifier, when combined with a user 
authentication message from said authorized user in accordance with a 
predetermined algorithm, authorizes said user; 

computer readable program code which causes said programmable 
computer processor to receive said user authentication messages from said 
data storage drive via said wireless interface; 

computer readable program code which causes said programmable 
computer processor to combine said user authentication message with said 
user identifier from said user table in accordance with said predetermined 
algorithm to auth

orize or deny said user activity; and 

computer readable program code which causes said programmable 
computer processor to transmit said user authorization or denial to said 
data storage drive via said wireless interface. 